You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2912 lines
84 KiB

  1. /***************************************************************************
  2. * Copyright (C) 2005 by Dominic Rath *
  3. * Dominic.Rath@gmx.de *
  4. * *
  5. * Copyright (C) 2007,2008 √ėyvind Harboe *
  6. * oyvind.harboe@zylin.com *
  7. * *
  8. * Copyright (C) 2008 by Spencer Oliver *
  9. * spen@spen-soft.co.uk *
  10. * *
  11. * Copyright (C) 2008 by Hongtao Zheng *
  12. * hontor@126.com *
  13. * *
  14. * This program is free software; you can redistribute it and/or modify *
  15. * it under the terms of the GNU General Public License as published by *
  16. * the Free Software Foundation; either version 2 of the License, or *
  17. * (at your option) any later version. *
  18. * *
  19. * This program is distributed in the hope that it will be useful, *
  20. * but WITHOUT ANY WARRANTY; without even the implied warranty of *
  21. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
  22. * GNU General Public License for more details. *
  23. * *
  24. * You should have received a copy of the GNU General Public License *
  25. * along with this program; if not, write to the *
  26. * Free Software Foundation, Inc., *
  27. * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
  28. ***************************************************************************/
  29. #ifdef HAVE_CONFIG_H
  30. #include "config.h"
  31. #endif
  32. #include "breakpoints.h"
  33. #include "embeddedice.h"
  34. #include "target_request.h"
  35. #include "etm.h"
  36. #include <helper/time_support.h>
  37. #include "arm_simulator.h"
  38. #include "arm_semihosting.h"
  39. #include "algorithm.h"
  40. #include "register.h"
  41. #include "armv4_5.h"
  42. /**
  43. * @file
  44. * Hold common code supporting the ARM7 and ARM9 core generations.
  45. *
  46. * While the ARM core implementations evolved substantially during these
  47. * two generations, they look quite similar from the JTAG perspective.
  48. * Both have similar debug facilities, based on the same two scan chains
  49. * providing access to the core and to an EmbeddedICE module. Both can
  50. * support similar ETM and ETB modules, for tracing. And both expose
  51. * what could be viewed as "ARM Classic", with multiple processor modes,
  52. * shadowed registers, and support for the Thumb instruction set.
  53. *
  54. * Processor differences include things like presence or absence of MMU
  55. * and cache, pipeline sizes, use of a modified Harvard Architecure
  56. * (with separate instruction and data busses from the CPU), support
  57. * for cpu clock gating during idle, and more.
  58. */
  59. static int arm7_9_debug_entry(struct target *target);
  60. /**
  61. * Clear watchpoints for an ARM7/9 target.
  62. *
  63. * @param arm7_9 Pointer to the common struct for an ARM7/9 target
  64. * @return JTAG error status after executing queue
  65. */
  66. static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
  67. {
  68. LOG_DEBUG("-");
  69. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
  70. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
  71. arm7_9->sw_breakpoint_count = 0;
  72. arm7_9->sw_breakpoints_added = 0;
  73. arm7_9->wp0_used = 0;
  74. arm7_9->wp1_used = arm7_9->wp1_used_default;
  75. arm7_9->wp_available = arm7_9->wp_available_max;
  76. return jtag_execute_queue();
  77. }
  78. /**
  79. * Assign a watchpoint to one of the two available hardware comparators in an
  80. * ARM7 or ARM9 target.
  81. *
  82. * @param arm7_9 Pointer to the common struct for an ARM7/9 target
  83. * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
  84. */
  85. static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
  86. {
  87. if (!arm7_9->wp0_used)
  88. {
  89. arm7_9->wp0_used = 1;
  90. breakpoint->set = 1;
  91. arm7_9->wp_available--;
  92. }
  93. else if (!arm7_9->wp1_used)
  94. {
  95. arm7_9->wp1_used = 1;
  96. breakpoint->set = 2;
  97. arm7_9->wp_available--;
  98. }
  99. else
  100. {
  101. LOG_ERROR("BUG: no hardware comparator available");
  102. }
  103. LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
  104. breakpoint->unique_id,
  105. breakpoint->address,
  106. breakpoint->set );
  107. }
  108. /**
  109. * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
  110. *
  111. * @param arm7_9 Pointer to common struct for ARM7/9 targets
  112. * @return Error codes if there is a problem finding a watchpoint or the result
  113. * of executing the JTAG queue
  114. */
  115. static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
  116. {
  117. if (arm7_9->sw_breakpoints_added)
  118. {
  119. return ERROR_OK;
  120. }
  121. if (arm7_9->wp_available < 1)
  122. {
  123. LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
  124. return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
  125. }
  126. arm7_9->wp_available--;
  127. /* pick a breakpoint unit */
  128. if (!arm7_9->wp0_used)
  129. {
  130. arm7_9->sw_breakpoints_added = 1;
  131. arm7_9->wp0_used = 3;
  132. } else if (!arm7_9->wp1_used)
  133. {
  134. arm7_9->sw_breakpoints_added = 2;
  135. arm7_9->wp1_used = 3;
  136. }
  137. else
  138. {
  139. LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
  140. return ERROR_FAIL;
  141. }
  142. if (arm7_9->sw_breakpoints_added == 1)
  143. {
  144. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
  145. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
  146. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
  147. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
  148. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
  149. }
  150. else if (arm7_9->sw_breakpoints_added == 2)
  151. {
  152. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
  153. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
  154. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
  155. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
  156. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
  157. }
  158. else
  159. {
  160. LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
  161. return ERROR_FAIL;
  162. }
  163. LOG_DEBUG("SW BP using hw wp: %d",
  164. arm7_9->sw_breakpoints_added );
  165. return jtag_execute_queue();
  166. }
  167. /**
  168. * Setup the common pieces for an ARM7/9 target after reset or on startup.
  169. *
  170. * @param target Pointer to an ARM7/9 target to setup
  171. * @return Result of clearing the watchpoints on the target
  172. */
  173. int arm7_9_setup(struct target *target)
  174. {
  175. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  176. return arm7_9_clear_watchpoints(arm7_9);
  177. }
  178. /**
  179. * Set either a hardware or software breakpoint on an ARM7/9 target. The
  180. * breakpoint is set up even if it is already set. Some actions, e.g. reset,
  181. * might have erased the values in Embedded ICE.
  182. *
  183. * @param target Pointer to the target device to set the breakpoints on
  184. * @param breakpoint Pointer to the breakpoint to be set
  185. * @return For hardware breakpoints, this is the result of executing the JTAG
  186. * queue. For software breakpoints, this will be the status of the
  187. * required memory reads and writes
  188. */
  189. int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
  190. {
  191. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  192. int retval = ERROR_OK;
  193. LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
  194. breakpoint->unique_id,
  195. breakpoint->address,
  196. breakpoint->type);
  197. if (target->state != TARGET_HALTED)
  198. {
  199. LOG_WARNING("target not halted");
  200. return ERROR_TARGET_NOT_HALTED;
  201. }
  202. if (breakpoint->type == BKPT_HARD)
  203. {
  204. /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
  205. uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
  206. /* reassign a hw breakpoint */
  207. if (breakpoint->set == 0)
  208. {
  209. arm7_9_assign_wp(arm7_9, breakpoint);
  210. }
  211. if (breakpoint->set == 1)
  212. {
  213. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
  214. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
  215. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
  216. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
  217. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
  218. }
  219. else if (breakpoint->set == 2)
  220. {
  221. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
  222. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
  223. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
  224. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
  225. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
  226. }
  227. else
  228. {
  229. LOG_ERROR("BUG: no hardware comparator available");
  230. return ERROR_OK;
  231. }
  232. retval = jtag_execute_queue();
  233. }
  234. else if (breakpoint->type == BKPT_SOFT)
  235. {
  236. /* did we already set this breakpoint? */
  237. if (breakpoint->set)
  238. return ERROR_OK;
  239. if (breakpoint->length == 4)
  240. {
  241. uint32_t verify = 0xffffffff;
  242. /* keep the original instruction in target endianness */
  243. if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
  244. {
  245. return retval;
  246. }
  247. /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
  248. if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
  249. {
  250. return retval;
  251. }
  252. if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
  253. {
  254. return retval;
  255. }
  256. if (verify != arm7_9->arm_bkpt)
  257. {
  258. LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
  259. return ERROR_OK;
  260. }
  261. }
  262. else
  263. {
  264. uint16_t verify = 0xffff;
  265. /* keep the original instruction in target endianness */
  266. if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
  267. {
  268. return retval;
  269. }
  270. /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
  271. if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
  272. {
  273. return retval;
  274. }
  275. if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
  276. {
  277. return retval;
  278. }
  279. if (verify != arm7_9->thumb_bkpt)
  280. {
  281. LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
  282. return ERROR_OK;
  283. }
  284. }
  285. if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
  286. return retval;
  287. arm7_9->sw_breakpoint_count++;
  288. breakpoint->set = 1;
  289. }
  290. return retval;
  291. }
  292. /**
  293. * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
  294. * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
  295. * will be updated. Otherwise, the software breakpoint will be restored to its
  296. * original instruction if it hasn't already been modified.
  297. *
  298. * @param target Pointer to ARM7/9 target to unset the breakpoint from
  299. * @param breakpoint Pointer to breakpoint to be unset
  300. * @return For hardware breakpoints, this is the result of executing the JTAG
  301. * queue. For software breakpoints, this will be the status of the
  302. * required memory reads and writes
  303. */
  304. int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
  305. {
  306. int retval = ERROR_OK;
  307. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  308. LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
  309. breakpoint->unique_id,
  310. breakpoint->address );
  311. if (!breakpoint->set)
  312. {
  313. LOG_WARNING("breakpoint not set");
  314. return ERROR_OK;
  315. }
  316. if (breakpoint->type == BKPT_HARD)
  317. {
  318. LOG_DEBUG("BPID: %d Releasing hw wp: %d",
  319. breakpoint->unique_id,
  320. breakpoint->set );
  321. if (breakpoint->set == 1)
  322. {
  323. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
  324. arm7_9->wp0_used = 0;
  325. arm7_9->wp_available++;
  326. }
  327. else if (breakpoint->set == 2)
  328. {
  329. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
  330. arm7_9->wp1_used = 0;
  331. arm7_9->wp_available++;
  332. }
  333. retval = jtag_execute_queue();
  334. breakpoint->set = 0;
  335. }
  336. else
  337. {
  338. /* restore original instruction (kept in target endianness) */
  339. if (breakpoint->length == 4)
  340. {
  341. uint32_t current_instr;
  342. /* check that user program as not modified breakpoint instruction */
  343. if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
  344. {
  345. return retval;
  346. }
  347. if (current_instr == arm7_9->arm_bkpt)
  348. if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
  349. {
  350. return retval;
  351. }
  352. }
  353. else
  354. {
  355. uint16_t current_instr;
  356. /* check that user program as not modified breakpoint instruction */
  357. if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
  358. {
  359. return retval;
  360. }
  361. if (current_instr == arm7_9->thumb_bkpt)
  362. if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
  363. {
  364. return retval;
  365. }
  366. }
  367. if (--arm7_9->sw_breakpoint_count==0)
  368. {
  369. /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
  370. if (arm7_9->sw_breakpoints_added == 1)
  371. {
  372. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
  373. }
  374. else if (arm7_9->sw_breakpoints_added == 2)
  375. {
  376. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
  377. }
  378. }
  379. breakpoint->set = 0;
  380. }
  381. return retval;
  382. }
  383. /**
  384. * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
  385. * dangling breakpoints and that the desired breakpoint can be added.
  386. *
  387. * @param target Pointer to the target ARM7/9 device to add a breakpoint to
  388. * @param breakpoint Pointer to the breakpoint to be added
  389. * @return An error status if there is a problem adding the breakpoint or the
  390. * result of setting the breakpoint
  391. */
  392. int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
  393. {
  394. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  395. if (arm7_9->breakpoint_count == 0)
  396. {
  397. /* make sure we don't have any dangling breakpoints. This is vital upon
  398. * GDB connect/disconnect
  399. */
  400. arm7_9_clear_watchpoints(arm7_9);
  401. }
  402. if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
  403. {
  404. LOG_INFO("no watchpoint unit available for hardware breakpoint");
  405. return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
  406. }
  407. if ((breakpoint->length != 2) && (breakpoint->length != 4))
  408. {
  409. LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
  410. return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
  411. }
  412. if (breakpoint->type == BKPT_HARD)
  413. {
  414. arm7_9_assign_wp(arm7_9, breakpoint);
  415. }
  416. arm7_9->breakpoint_count++;
  417. return arm7_9_set_breakpoint(target, breakpoint);
  418. }
  419. /**
  420. * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
  421. * dangling breakpoints and updates available watchpoints if it is a hardware
  422. * breakpoint.
  423. *
  424. * @param target Pointer to the target to have a breakpoint removed
  425. * @param breakpoint Pointer to the breakpoint to be removed
  426. * @return Error status if there was a problem unsetting the breakpoint or the
  427. * watchpoints could not be cleared
  428. */
  429. int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
  430. {
  431. int retval = ERROR_OK;
  432. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  433. if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
  434. {
  435. return retval;
  436. }
  437. if (breakpoint->type == BKPT_HARD)
  438. arm7_9->wp_available++;
  439. arm7_9->breakpoint_count--;
  440. if (arm7_9->breakpoint_count == 0)
  441. {
  442. /* make sure we don't have any dangling breakpoints */
  443. if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
  444. {
  445. return retval;
  446. }
  447. }
  448. return ERROR_OK;
  449. }
  450. /**
  451. * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
  452. * considered a bug to call this function when there are no available watchpoint
  453. * units.
  454. *
  455. * @param target Pointer to an ARM7/9 target to set a watchpoint on
  456. * @param watchpoint Pointer to the watchpoint to be set
  457. * @return Error status if watchpoint set fails or the result of executing the
  458. * JTAG queue
  459. */
  460. int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
  461. {
  462. int retval = ERROR_OK;
  463. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  464. int rw_mask = 1;
  465. uint32_t mask;
  466. mask = watchpoint->length - 1;
  467. if (target->state != TARGET_HALTED)
  468. {
  469. LOG_WARNING("target not halted");
  470. return ERROR_TARGET_NOT_HALTED;
  471. }
  472. if (watchpoint->rw == WPT_ACCESS)
  473. rw_mask = 0;
  474. else
  475. rw_mask = 1;
  476. if (!arm7_9->wp0_used)
  477. {
  478. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
  479. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
  480. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
  481. if (watchpoint->mask != 0xffffffffu)
  482. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
  483. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
  484. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
  485. if ((retval = jtag_execute_queue()) != ERROR_OK)
  486. {
  487. return retval;
  488. }
  489. watchpoint->set = 1;
  490. arm7_9->wp0_used = 2;
  491. }
  492. else if (!arm7_9->wp1_used)
  493. {
  494. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
  495. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
  496. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
  497. if (watchpoint->mask != 0xffffffffu)
  498. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
  499. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
  500. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
  501. if ((retval = jtag_execute_queue()) != ERROR_OK)
  502. {
  503. return retval;
  504. }
  505. watchpoint->set = 2;
  506. arm7_9->wp1_used = 2;
  507. }
  508. else
  509. {
  510. LOG_ERROR("BUG: no hardware comparator available");
  511. return ERROR_OK;
  512. }
  513. return ERROR_OK;
  514. }
  515. /**
  516. * Unset an existing watchpoint and clear the used watchpoint unit.
  517. *
  518. * @param target Pointer to the target to have the watchpoint removed
  519. * @param watchpoint Pointer to the watchpoint to be removed
  520. * @return Error status while trying to unset the watchpoint or the result of
  521. * executing the JTAG queue
  522. */
  523. int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
  524. {
  525. int retval = ERROR_OK;
  526. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  527. if (target->state != TARGET_HALTED)
  528. {
  529. LOG_WARNING("target not halted");
  530. return ERROR_TARGET_NOT_HALTED;
  531. }
  532. if (!watchpoint->set)
  533. {
  534. LOG_WARNING("breakpoint not set");
  535. return ERROR_OK;
  536. }
  537. if (watchpoint->set == 1)
  538. {
  539. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
  540. if ((retval = jtag_execute_queue()) != ERROR_OK)
  541. {
  542. return retval;
  543. }
  544. arm7_9->wp0_used = 0;
  545. }
  546. else if (watchpoint->set == 2)
  547. {
  548. embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
  549. if ((retval = jtag_execute_queue()) != ERROR_OK)
  550. {
  551. return retval;
  552. }
  553. arm7_9->wp1_used = 0;
  554. }
  555. watchpoint->set = 0;
  556. return ERROR_OK;
  557. }
  558. /**
  559. * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
  560. * available, an error response is returned.
  561. *
  562. * @param target Pointer to the ARM7/9 target to add a watchpoint to
  563. * @param watchpoint Pointer to the watchpoint to be added
  564. * @return Error status while trying to add the watchpoint
  565. */
  566. int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
  567. {
  568. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  569. if (arm7_9->wp_available < 1)
  570. {
  571. return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
  572. }
  573. if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
  574. {
  575. return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
  576. }
  577. arm7_9->wp_available--;
  578. return ERROR_OK;
  579. }
  580. /**
  581. * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
  582. * the used watchpoint unit will be reopened.
  583. *
  584. * @param target Pointer to the target to remove a watchpoint from
  585. * @param watchpoint Pointer to the watchpoint to be removed
  586. * @return Result of trying to unset the watchpoint
  587. */
  588. int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
  589. {
  590. int retval = ERROR_OK;
  591. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  592. if (watchpoint->set)
  593. {
  594. if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
  595. {
  596. return retval;
  597. }
  598. }
  599. arm7_9->wp_available++;
  600. return ERROR_OK;
  601. }
  602. /**
  603. * Restarts the target by sending a RESTART instruction and moving the JTAG
  604. * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
  605. * asserted by the processor.
  606. *
  607. * @param target Pointer to target to issue commands to
  608. * @return Error status if there is a timeout or a problem while executing the
  609. * JTAG queue
  610. */
  611. int arm7_9_execute_sys_speed(struct target *target)
  612. {
  613. int retval;
  614. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  615. struct arm_jtag *jtag_info = &arm7_9->jtag_info;
  616. struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
  617. /* set RESTART instruction */
  618. jtag_set_end_state(TAP_IDLE);
  619. if (arm7_9->need_bypass_before_restart) {
  620. arm7_9->need_bypass_before_restart = 0;
  621. arm_jtag_set_instr(jtag_info, 0xf, NULL);
  622. }
  623. arm_jtag_set_instr(jtag_info, 0x4, NULL);
  624. long long then = timeval_ms();
  625. int timeout;
  626. while (!(timeout = ((timeval_ms()-then) > 1000)))
  627. {
  628. /* read debug status register */
  629. embeddedice_read_reg(dbg_stat);
  630. if ((retval = jtag_execute_queue()) != ERROR_OK)
  631. return retval;
  632. if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
  633. && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
  634. break;
  635. if (debug_level >= 3)
  636. {
  637. alive_sleep(100);
  638. } else
  639. {
  640. keep_alive();
  641. }
  642. }
  643. if (timeout)
  644. {
  645. LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
  646. return ERROR_TARGET_TIMEOUT;
  647. }
  648. return ERROR_OK;
  649. }
  650. /**
  651. * Restarts the target by sending a RESTART instruction and moving the JTAG
  652. * state to IDLE. This validates that DBGACK and SYSCOMP are set without
  653. * waiting until they are.
  654. *
  655. * @param target Pointer to the target to issue commands to
  656. * @return Always ERROR_OK
  657. */
  658. int arm7_9_execute_fast_sys_speed(struct target *target)
  659. {
  660. static int set = 0;
  661. static uint8_t check_value[4], check_mask[4];
  662. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  663. struct arm_jtag *jtag_info = &arm7_9->jtag_info;
  664. struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
  665. /* set RESTART instruction */
  666. jtag_set_end_state(TAP_IDLE);
  667. if (arm7_9->need_bypass_before_restart) {
  668. arm7_9->need_bypass_before_restart = 0;
  669. arm_jtag_set_instr(jtag_info, 0xf, NULL);
  670. }
  671. arm_jtag_set_instr(jtag_info, 0x4, NULL);
  672. if (!set)
  673. {
  674. /* check for DBGACK and SYSCOMP set (others don't care) */
  675. /* NB! These are constants that must be available until after next jtag_execute() and
  676. * we evaluate the values upon first execution in lieu of setting up these constants
  677. * during early setup.
  678. * */
  679. buf_set_u32(check_value, 0, 32, 0x9);
  680. buf_set_u32(check_mask, 0, 32, 0x9);
  681. set = 1;
  682. }
  683. /* read debug status register */
  684. embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
  685. return ERROR_OK;
  686. }
  687. /**
  688. * Get some data from the ARM7/9 target.
  689. *
  690. * @param target Pointer to the ARM7/9 target to read data from
  691. * @param size The number of 32bit words to be read
  692. * @param buffer Pointer to the buffer that will hold the data
  693. * @return The result of receiving data from the Embedded ICE unit
  694. */
  695. int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
  696. {
  697. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  698. struct arm_jtag *jtag_info = &arm7_9->jtag_info;
  699. uint32_t *data;
  700. int retval = ERROR_OK;
  701. uint32_t i;
  702. data = malloc(size * (sizeof(uint32_t)));
  703. retval = embeddedice_receive(jtag_info, data, size);
  704. /* return the 32-bit ints in the 8-bit array */
  705. for (i = 0; i < size; i++)
  706. {
  707. h_u32_to_le(buffer + (i * 4), data[i]);
  708. }
  709. free(data);
  710. return retval;
  711. }
  712. /**
  713. * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
  714. * target is running and the DCC control register has the W bit high, this will
  715. * execute the request on the target.
  716. *
  717. * @param priv Void pointer expected to be a struct target pointer
  718. * @return ERROR_OK unless there are issues with the JTAG queue or when reading
  719. * from the Embedded ICE unit
  720. */
  721. int arm7_9_handle_target_request(void *priv)
  722. {
  723. int retval = ERROR_OK;
  724. struct target *target = priv;
  725. if (!target_was_examined(target))
  726. return ERROR_OK;
  727. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  728. struct arm_jtag *jtag_info = &arm7_9->jtag_info;
  729. struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
  730. if (!target->dbg_msg_enabled)
  731. return ERROR_OK;
  732. if (target->state == TARGET_RUNNING)
  733. {
  734. /* read DCC control register */
  735. embeddedice_read_reg(dcc_control);
  736. if ((retval = jtag_execute_queue()) != ERROR_OK)
  737. {
  738. return retval;
  739. }
  740. /* check W bit */
  741. if (buf_get_u32(dcc_control->value, 1, 1) == 1)
  742. {
  743. uint32_t request;
  744. if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
  745. {
  746. return retval;
  747. }
  748. if ((retval = target_request(target, request)) != ERROR_OK)
  749. {
  750. return retval;
  751. }
  752. }
  753. }
  754. return ERROR_OK;
  755. }
  756. /**
  757. * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
  758. * is manipulated to the right halted state based on its current state. This is
  759. * what happens:
  760. *
  761. * <table>
  762. * <tr><th > State</th><th > Action</th></tr>
  763. * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
  764. * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
  765. * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
  766. * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
  767. * </table>
  768. *
  769. * If the target does not end up in the halted state, a warning is produced. If
  770. * DBGACK is cleared, then the target is expected to either be running or
  771. * running in debug.
  772. *
  773. * @param target Pointer to the ARM7/9 target to poll
  774. * @return ERROR_OK or an error status if a command fails
  775. */
  776. int arm7_9_poll(struct target *target)
  777. {
  778. int retval;
  779. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  780. struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
  781. /* read debug status register */
  782. embeddedice_read_reg(dbg_stat);
  783. if ((retval = jtag_execute_queue()) != ERROR_OK)
  784. {
  785. return retval;
  786. }
  787. if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
  788. {
  789. /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
  790. if (target->state == TARGET_UNKNOWN)
  791. {
  792. /* Starting OpenOCD with target in debug-halt */
  793. target->state = TARGET_RUNNING;
  794. LOG_DEBUG("DBGACK already set during server startup.");
  795. }
  796. if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
  797. {
  798. target->state = TARGET_HALTED;
  799. if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
  800. return retval;
  801. if (arm_semihosting(target, &retval) != 0)
  802. return retval;
  803. if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
  804. {
  805. return retval;
  806. }
  807. }
  808. if (target->state == TARGET_DEBUG_RUNNING)
  809. {
  810. target->state = TARGET_HALTED;
  811. if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
  812. return retval;
  813. if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
  814. {
  815. return retval;
  816. }
  817. }
  818. if (target->state != TARGET_HALTED)
  819. {
  820. LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
  821. }
  822. }
  823. else
  824. {
  825. if (target->state != TARGET_DEBUG_RUNNING)
  826. target->state = TARGET_RUNNING;
  827. }
  828. return ERROR_OK;
  829. }
  830. /**
  831. * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
  832. * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
  833. * affected) completely stop the JTAG clock while the core is held in reset
  834. * (SRST). It isn't possible to program the halt condition once reset is
  835. * asserted, hence a hook that allows the target to set up its reset-halt
  836. * condition is setup prior to asserting reset.
  837. *
  838. * @param target Pointer to an ARM7/9 target to assert reset on
  839. * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
  840. */
  841. int arm7_9_assert_reset(struct target *target)
  842. {
  843. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  844. LOG_DEBUG("target->state: %s",
  845. target_state_name(target));
  846. enum reset_types jtag_reset_config = jtag_get_reset_config();
  847. if (!(jtag_reset_config & RESET_HAS_SRST))
  848. {
  849. LOG_ERROR("Can't assert SRST");
  850. return ERROR_FAIL;
  851. }
  852. /* At this point trst has been asserted/deasserted once. We would
  853. * like to program EmbeddedICE while SRST is asserted, instead of
  854. * depending on SRST to leave that module alone. However, many CPUs
  855. * gate the JTAG clock while SRST is asserted; or JTAG may need
  856. * clock stability guarantees (adaptive clocking might help).
  857. *
  858. * So we assume JTAG access during SRST is off the menu unless it's
  859. * been specifically enabled.
  860. */
  861. bool srst_asserted = false;
  862. if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
  863. && (jtag_reset_config & RESET_SRST_NO_GATING))
  864. {
  865. jtag_add_reset(0, 1);
  866. srst_asserted = true;
  867. }
  868. if (target->reset_halt)
  869. {
  870. /*
  871. * Some targets do not support communication while SRST is asserted. We need to
  872. * set up the reset vector catch here.
  873. *
  874. * If TRST is asserted, then these settings will be reset anyway, so setting them
  875. * here is harmless.
  876. */
  877. if (arm7_9->has_vector_catch)
  878. {
  879. /* program vector catch register to catch reset vector */
  880. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
  881. /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
  882. jtag_add_runtest(1, jtag_get_end_state());
  883. }
  884. else
  885. {
  886. /* program watchpoint unit to match on reset vector address */
  887. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
  888. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
  889. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
  890. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
  891. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
  892. }
  893. }
  894. /* here we should issue an SRST only, but we may have to assert TRST as well */
  895. if (jtag_reset_config & RESET_SRST_PULLS_TRST)
  896. {
  897. jtag_add_reset(1, 1);
  898. } else if (!srst_asserted)
  899. {
  900. jtag_add_reset(0, 1);
  901. }
  902. target->state = TARGET_RESET;
  903. jtag_add_sleep(50000);
  904. register_cache_invalidate(arm7_9->armv4_5_common.core_cache);
  905. if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
  906. {
  907. /* debug entry was already prepared in arm7_9_assert_reset() */
  908. target->debug_reason = DBG_REASON_DBGRQ;
  909. }
  910. return ERROR_OK;
  911. }
  912. /**
  913. * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
  914. * and the target is being reset into a halt, a warning will be triggered
  915. * because it is not possible to reset into a halted mode in this case. The
  916. * target is halted using the target's functions.
  917. *
  918. * @param target Pointer to the target to have the reset deasserted
  919. * @return ERROR_OK or an error from polling or halting the target
  920. */
  921. int arm7_9_deassert_reset(struct target *target)
  922. {
  923. int retval = ERROR_OK;
  924. LOG_DEBUG("target->state: %s",
  925. target_state_name(target));
  926. /* deassert reset lines */
  927. jtag_add_reset(0, 0);
  928. enum reset_types jtag_reset_config = jtag_get_reset_config();
  929. if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
  930. {
  931. LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
  932. /* set up embedded ice registers again */
  933. if ((retval = target_examine_one(target)) != ERROR_OK)
  934. return retval;
  935. if ((retval = target_poll(target)) != ERROR_OK)
  936. {
  937. return retval;
  938. }
  939. if ((retval = target_halt(target)) != ERROR_OK)
  940. {
  941. return retval;
  942. }
  943. }
  944. return retval;
  945. }
  946. /**
  947. * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
  948. * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
  949. * vector catch was used, it is restored. Otherwise, the control value is
  950. * restored and the watchpoint unit is restored if it was in use.
  951. *
  952. * @param target Pointer to the ARM7/9 target to have halt cleared
  953. * @return Always ERROR_OK
  954. */
  955. int arm7_9_clear_halt(struct target *target)
  956. {
  957. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  958. struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
  959. /* we used DBGRQ only if we didn't come out of reset */
  960. if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
  961. {
  962. /* program EmbeddedICE Debug Control Register to deassert DBGRQ
  963. */
  964. buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
  965. embeddedice_store_reg(dbg_ctrl);
  966. }
  967. else
  968. {
  969. if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
  970. {
  971. /* if we came out of reset, and vector catch is supported, we used
  972. * vector catch to enter debug state
  973. * restore the register in that case
  974. */
  975. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
  976. }
  977. else
  978. {
  979. /* restore registers if watchpoint unit 0 was in use
  980. */
  981. if (arm7_9->wp0_used)
  982. {
  983. if (arm7_9->debug_entry_from_reset)
  984. {
  985. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
  986. }
  987. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
  988. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
  989. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
  990. }
  991. /* control value always has to be restored, as it was either disabled,
  992. * or enabled with possibly different bits
  993. */
  994. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
  995. }
  996. }
  997. return ERROR_OK;
  998. }
  999. /**
  1000. * Issue a software reset and halt to an ARM7/9 target. The target is halted
  1001. * and then there is a wait until the processor shows the halt. This wait can
  1002. * timeout and results in an error being returned. The software reset involves
  1003. * clearing the halt, updating the debug control register, changing to ARM mode,
  1004. * reset of the program counter, and reset of all of the registers.
  1005. *
  1006. * @param target Pointer to the ARM7/9 target to be reset and halted by software
  1007. * @return Error status if any of the commands fail, otherwise ERROR_OK
  1008. */
  1009. int arm7_9_soft_reset_halt(struct target *target)
  1010. {
  1011. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  1012. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  1013. struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
  1014. struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
  1015. int i;
  1016. int retval;
  1017. /* FIX!!! replace some of this code with tcl commands
  1018. *
  1019. * halt # the halt command is synchronous
  1020. * armv4_5 core_state arm
  1021. *
  1022. */
  1023. if ((retval = target_halt(target)) != ERROR_OK)
  1024. return retval;
  1025. long long then = timeval_ms();
  1026. int timeout;
  1027. while (!(timeout = ((timeval_ms()-then) > 1000)))
  1028. {
  1029. if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
  1030. break;
  1031. embeddedice_read_reg(dbg_stat);
  1032. if ((retval = jtag_execute_queue()) != ERROR_OK)
  1033. return retval;
  1034. if (debug_level >= 3)
  1035. {
  1036. alive_sleep(100);
  1037. } else
  1038. {
  1039. keep_alive();
  1040. }
  1041. }
  1042. if (timeout)
  1043. {
  1044. LOG_ERROR("Failed to halt CPU after 1 sec");
  1045. return ERROR_TARGET_TIMEOUT;
  1046. }
  1047. target->state = TARGET_HALTED;
  1048. /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
  1049. * ensure that DBGRQ is cleared
  1050. */
  1051. buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
  1052. buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
  1053. buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
  1054. embeddedice_store_reg(dbg_ctrl);
  1055. if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
  1056. {
  1057. return retval;
  1058. }
  1059. /* if the target is in Thumb state, change to ARM state */
  1060. if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
  1061. {
  1062. uint32_t r0_thumb, pc_thumb;
  1063. LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
  1064. /* Entered debug from Thumb mode */
  1065. armv4_5->core_state = ARM_STATE_THUMB;
  1066. arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
  1067. }
  1068. /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
  1069. /* all register content is now invalid */
  1070. register_cache_invalidate(armv4_5->core_cache);
  1071. /* SVC, ARM state, IRQ and FIQ disabled */
  1072. uint32_t cpsr;
  1073. cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
  1074. cpsr &= ~0xff;
  1075. cpsr |= 0xd3;
  1076. arm_set_cpsr(armv4_5, cpsr);
  1077. armv4_5->cpsr->dirty = 1;
  1078. /* start fetching from 0x0 */
  1079. buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
  1080. armv4_5->core_cache->reg_list[15].dirty = 1;
  1081. armv4_5->core_cache->reg_list[15].valid = 1;
  1082. /* reset registers */
  1083. for (i = 0; i <= 14; i++)
  1084. {
  1085. struct reg *r = arm_reg_current(armv4_5, i);
  1086. buf_set_u32(r->value, 0, 32, 0xffffffff);
  1087. r->dirty = 1;
  1088. r->valid = 1;
  1089. }
  1090. if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
  1091. {
  1092. return retval;
  1093. }
  1094. return ERROR_OK;
  1095. }
  1096. /**
  1097. * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
  1098. * line or by programming a watchpoint to trigger on any address. It is
  1099. * considered a bug to call this function while the target is in the
  1100. * TARGET_RESET state.
  1101. *
  1102. * @param target Pointer to the ARM7/9 target to be halted
  1103. * @return Always ERROR_OK
  1104. */
  1105. int arm7_9_halt(struct target *target)
  1106. {
  1107. if (target->state == TARGET_RESET)
  1108. {
  1109. LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
  1110. return ERROR_OK;
  1111. }
  1112. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  1113. struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
  1114. LOG_DEBUG("target->state: %s",
  1115. target_state_name(target));
  1116. if (target->state == TARGET_HALTED)
  1117. {
  1118. LOG_DEBUG("target was already halted");
  1119. return ERROR_OK;
  1120. }
  1121. if (target->state == TARGET_UNKNOWN)
  1122. {
  1123. LOG_WARNING("target was in unknown state when halt was requested");
  1124. }
  1125. if (arm7_9->use_dbgrq)
  1126. {
  1127. /* program EmbeddedICE Debug Control Register to assert DBGRQ
  1128. */
  1129. if (arm7_9->set_special_dbgrq) {
  1130. arm7_9->set_special_dbgrq(target);
  1131. } else {
  1132. buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
  1133. embeddedice_store_reg(dbg_ctrl);
  1134. }
  1135. }
  1136. else
  1137. {
  1138. /* program watchpoint unit to match on any address
  1139. */
  1140. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
  1141. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
  1142. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
  1143. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
  1144. }
  1145. target->debug_reason = DBG_REASON_DBGRQ;
  1146. return ERROR_OK;
  1147. }
  1148. /**
  1149. * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
  1150. * ARM. The JTAG queue is then executed and the reason for debug entry is
  1151. * examined. Once done, the target is verified to be halted and the processor
  1152. * is forced into ARM mode. The core registers are saved for the current core
  1153. * mode and the program counter (register 15) is updated as needed. The core
  1154. * registers and CPSR and SPSR are saved for restoration later.
  1155. *
  1156. * @param target Pointer to target that is entering debug mode
  1157. * @return Error code if anything fails, otherwise ERROR_OK
  1158. */
  1159. static int arm7_9_debug_entry(struct target *target)
  1160. {
  1161. int i;
  1162. uint32_t context[16];
  1163. uint32_t* context_p[16];
  1164. uint32_t r0_thumb, pc_thumb;
  1165. uint32_t cpsr, cpsr_mask = 0;
  1166. int retval;
  1167. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  1168. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  1169. struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
  1170. struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
  1171. #ifdef _DEBUG_ARM7_9_
  1172. LOG_DEBUG("-");
  1173. #endif
  1174. /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
  1175. * ensure that DBGRQ is cleared
  1176. */
  1177. buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
  1178. buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
  1179. buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
  1180. embeddedice_store_reg(dbg_ctrl);
  1181. if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
  1182. {
  1183. return retval;
  1184. }
  1185. if ((retval = jtag_execute_queue()) != ERROR_OK)
  1186. {
  1187. return retval;
  1188. }
  1189. if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
  1190. return retval;
  1191. if (target->state != TARGET_HALTED)
  1192. {
  1193. LOG_WARNING("target not halted");
  1194. return ERROR_TARGET_NOT_HALTED;
  1195. }
  1196. /* if the target is in Thumb state, change to ARM state */
  1197. if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
  1198. {
  1199. LOG_DEBUG("target entered debug from Thumb state");
  1200. /* Entered debug from Thumb mode */
  1201. armv4_5->core_state = ARM_STATE_THUMB;
  1202. cpsr_mask = 1 << 5;
  1203. arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
  1204. LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
  1205. ", pc_thumb: 0x%8.8" PRIx32, r0_thumb, pc_thumb);
  1206. } else if (buf_get_u32(dbg_stat->value, 5, 1)) {
  1207. /* \todo Get some vaguely correct handling of Jazelle, if
  1208. * anyone ever uses it and full info becomes available.
  1209. * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
  1210. * B.7.3 for the reverse. That'd be the bare minimum...
  1211. */
  1212. LOG_DEBUG("target entered debug from Jazelle state");
  1213. armv4_5->core_state = ARM_STATE_JAZELLE;
  1214. cpsr_mask = 1 << 24;
  1215. LOG_ERROR("Jazelle debug entry -- BROKEN!");
  1216. } else {
  1217. LOG_DEBUG("target entered debug from ARM state");
  1218. /* Entered debug from ARM mode */
  1219. armv4_5->core_state = ARM_STATE_ARM;
  1220. }
  1221. for (i = 0; i < 16; i++)
  1222. context_p[i] = &context[i];
  1223. /* save core registers (r0 - r15 of current core mode) */
  1224. arm7_9->read_core_regs(target, 0xffff, context_p);
  1225. arm7_9->read_xpsr(target, &cpsr, 0);
  1226. if ((retval = jtag_execute_queue()) != ERROR_OK)
  1227. return retval;
  1228. /* Sync our CPSR copy with J or T bits EICE reported, but
  1229. * which we then erased by putting the core into ARM mode.
  1230. */
  1231. arm_set_cpsr(armv4_5, cpsr | cpsr_mask);
  1232. if (!is_arm_mode(armv4_5->core_mode))
  1233. {
  1234. target->state = TARGET_UNKNOWN;
  1235. LOG_ERROR("cpsr contains invalid mode value - communication failure");
  1236. return ERROR_TARGET_FAILURE;
  1237. }
  1238. LOG_DEBUG("target entered debug state in %s mode",
  1239. arm_mode_name(armv4_5->core_mode));
  1240. if (armv4_5->core_state == ARM_STATE_THUMB)
  1241. {
  1242. LOG_DEBUG("thumb state, applying fixups");
  1243. context[0] = r0_thumb;
  1244. context[15] = pc_thumb;
  1245. } else if (armv4_5->core_state == ARM_STATE_ARM)
  1246. {
  1247. /* adjust value stored by STM */
  1248. context[15] -= 3 * 4;
  1249. }
  1250. if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
  1251. context[15] -= 3 * ((armv4_5->core_state == ARM_STATE_ARM) ? 4 : 2);
  1252. else
  1253. context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARM_STATE_ARM) ? 4 : 2);
  1254. for (i = 0; i <= 15; i++)
  1255. {
  1256. struct reg *r = arm_reg_current(armv4_5, i);
  1257. LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
  1258. buf_set_u32(r->value, 0, 32, context[i]);
  1259. /* r0 and r15 (pc) have to be restored later */
  1260. r->dirty = (i == 0) || (i == 15);
  1261. r->valid = 1;
  1262. }
  1263. LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
  1264. /* exceptions other than USR & SYS have a saved program status register */
  1265. if (armv4_5->spsr) {
  1266. uint32_t spsr;
  1267. arm7_9->read_xpsr(target, &spsr, 1);
  1268. if ((retval = jtag_execute_queue()) != ERROR_OK)
  1269. {
  1270. return retval;
  1271. }
  1272. buf_set_u32(armv4_5->spsr->value, 0, 32, spsr);
  1273. armv4_5->spsr->dirty = 0;
  1274. armv4_5->spsr->valid = 1;
  1275. }
  1276. if ((retval = jtag_execute_queue()) != ERROR_OK)
  1277. return retval;
  1278. if (arm7_9->post_debug_entry)
  1279. arm7_9->post_debug_entry(target);
  1280. return ERROR_OK;
  1281. }
  1282. /**
  1283. * Validate the full context for an ARM7/9 target in all processor modes. If
  1284. * there are any invalid registers for the target, they will all be read. This
  1285. * includes the PSR.
  1286. *
  1287. * @param target Pointer to the ARM7/9 target to capture the full context from
  1288. * @return Error if the target is not halted, has an invalid core mode, or if
  1289. * the JTAG queue fails to execute
  1290. */
  1291. int arm7_9_full_context(struct target *target)
  1292. {
  1293. int i;
  1294. int retval;
  1295. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  1296. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  1297. LOG_DEBUG("-");
  1298. if (target->state != TARGET_HALTED)
  1299. {
  1300. LOG_WARNING("target not halted");
  1301. return ERROR_TARGET_NOT_HALTED;
  1302. }
  1303. if (!is_arm_mode(armv4_5->core_mode))
  1304. return ERROR_FAIL;
  1305. /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
  1306. * SYS shares registers with User, so we don't touch SYS
  1307. */
  1308. for (i = 0; i < 6; i++)
  1309. {
  1310. uint32_t mask = 0;
  1311. uint32_t* reg_p[16];
  1312. int j;
  1313. int valid = 1;
  1314. /* check if there are invalid registers in the current mode
  1315. */
  1316. for (j = 0; j <= 16; j++)
  1317. {
  1318. if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
  1319. valid = 0;
  1320. }
  1321. if (!valid)
  1322. {
  1323. uint32_t tmp_cpsr;
  1324. /* change processor mode (and mask T bit) */
  1325. tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8)
  1326. & 0xe0;
  1327. tmp_cpsr |= armv4_5_number_to_mode(i);
  1328. tmp_cpsr &= ~0x20;
  1329. arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
  1330. for (j = 0; j < 15; j++)
  1331. {
  1332. if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
  1333. {
  1334. reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
  1335. mask |= 1 << j;
  1336. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
  1337. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
  1338. }
  1339. }
  1340. /* if only the PSR is invalid, mask is all zeroes */
  1341. if (mask)
  1342. arm7_9->read_core_regs(target, mask, reg_p);
  1343. /* check if the PSR has to be read */
  1344. if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
  1345. {
  1346. arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
  1347. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
  1348. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
  1349. }
  1350. }
  1351. }
  1352. /* restore processor mode (mask T bit) */
  1353. arm7_9->write_xpsr_im8(target,
  1354. buf_get_u32(armv4_5->cpsr->value, 0, 8) & ~0x20,
  1355. 0, 0);
  1356. if ((retval = jtag_execute_queue()) != ERROR_OK)
  1357. {
  1358. return retval;
  1359. }
  1360. return ERROR_OK;
  1361. }
  1362. /**
  1363. * Restore the processor context on an ARM7/9 target. The full processor
  1364. * context is analyzed to see if any of the registers are dirty on this end, but
  1365. * have a valid new value. If this is the case, the processor is changed to the
  1366. * appropriate mode and the new register values are written out to the
  1367. * processor. If there happens to be a dirty register with an invalid value, an
  1368. * error will be logged.
  1369. *
  1370. * @param target Pointer to the ARM7/9 target to have its context restored
  1371. * @return Error status if the target is not halted or the core mode in the
  1372. * armv4_5 struct is invalid.
  1373. */
  1374. int arm7_9_restore_context(struct target *target)
  1375. {
  1376. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  1377. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  1378. struct reg *reg;
  1379. struct arm_reg *reg_arch_info;
  1380. enum arm_mode current_mode = armv4_5->core_mode;
  1381. int i, j;
  1382. int dirty;
  1383. int mode_change;
  1384. LOG_DEBUG("-");
  1385. if (target->state != TARGET_HALTED)
  1386. {
  1387. LOG_WARNING("target not halted");
  1388. return ERROR_TARGET_NOT_HALTED;
  1389. }
  1390. if (arm7_9->pre_restore_context)
  1391. arm7_9->pre_restore_context(target);
  1392. if (!is_arm_mode(armv4_5->core_mode))
  1393. return ERROR_FAIL;
  1394. /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
  1395. * SYS shares registers with User, so we don't touch SYS
  1396. */
  1397. for (i = 0; i < 6; i++)
  1398. {
  1399. LOG_DEBUG("examining %s mode",
  1400. arm_mode_name(armv4_5->core_mode));
  1401. dirty = 0;
  1402. mode_change = 0;
  1403. /* check if there are dirty registers in the current mode
  1404. */
  1405. for (j = 0; j <= 16; j++)
  1406. {
  1407. reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
  1408. reg_arch_info = reg->arch_info;
  1409. if (reg->dirty == 1)
  1410. {
  1411. if (reg->valid == 1)
  1412. {
  1413. dirty = 1;
  1414. LOG_DEBUG("examining dirty reg: %s", reg->name);
  1415. if ((reg_arch_info->mode != ARM_MODE_ANY)
  1416. && (reg_arch_info->mode != current_mode)
  1417. && !((reg_arch_info->mode == ARM_MODE_USR) && (armv4_5->core_mode == ARM_MODE_SYS))
  1418. && !((reg_arch_info->mode == ARM_MODE_SYS) && (armv4_5->core_mode == ARM_MODE_USR)))
  1419. {
  1420. mode_change = 1;
  1421. LOG_DEBUG("require mode change");
  1422. }
  1423. }
  1424. else
  1425. {
  1426. LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
  1427. }
  1428. }
  1429. }
  1430. if (dirty)
  1431. {
  1432. uint32_t mask = 0x0;
  1433. int num_regs = 0;
  1434. uint32_t regs[16];
  1435. if (mode_change)
  1436. {
  1437. uint32_t tmp_cpsr;
  1438. /* change processor mode (mask T bit) */
  1439. tmp_cpsr = buf_get_u32(armv4_5->cpsr->value,
  1440. 0, 8) & 0xe0;
  1441. tmp_cpsr |= armv4_5_number_to_mode(i);
  1442. tmp_cpsr &= ~0x20;
  1443. arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
  1444. current_mode = armv4_5_number_to_mode(i);
  1445. }
  1446. for (j = 0; j <= 14; j++)
  1447. {
  1448. reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
  1449. reg_arch_info = reg->arch_info;
  1450. if (reg->dirty == 1)
  1451. {
  1452. regs[j] = buf_get_u32(reg->value, 0, 32);
  1453. mask |= 1 << j;
  1454. num_regs++;
  1455. reg->dirty = 0;
  1456. reg->valid = 1;
  1457. LOG_DEBUG("writing register %i mode %s "
  1458. "with value 0x%8.8" PRIx32, j,
  1459. arm_mode_name(armv4_5->core_mode),
  1460. regs[j]);
  1461. }
  1462. }
  1463. if (mask)
  1464. {
  1465. arm7_9->write_core_regs(target, mask, regs);
  1466. }
  1467. reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
  1468. reg_arch_info = reg->arch_info;
  1469. if ((reg->dirty) && (reg_arch_info->mode != ARM_MODE_ANY))
  1470. {
  1471. LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
  1472. arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
  1473. }
  1474. }
  1475. }
  1476. if (!armv4_5->cpsr->dirty && (armv4_5->core_mode != current_mode))
  1477. {
  1478. /* restore processor mode (mask T bit) */
  1479. uint32_t tmp_cpsr;
  1480. tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
  1481. tmp_cpsr |= armv4_5_number_to_mode(i);
  1482. tmp_cpsr &= ~0x20;
  1483. LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
  1484. arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
  1485. }
  1486. else if (armv4_5->cpsr->dirty)
  1487. {
  1488. /* CPSR has been changed, full restore necessary (mask T bit) */
  1489. LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32,
  1490. buf_get_u32(armv4_5->cpsr->value, 0, 32));
  1491. arm7_9->write_xpsr(target,
  1492. buf_get_u32(armv4_5->cpsr->value, 0, 32)
  1493. & ~0x20, 0);
  1494. armv4_5->cpsr->dirty = 0;
  1495. armv4_5->cpsr->valid = 1;
  1496. }
  1497. /* restore PC */
  1498. LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
  1499. arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
  1500. armv4_5->core_cache->reg_list[15].dirty = 0;
  1501. if (arm7_9->post_restore_context)
  1502. arm7_9->post_restore_context(target);
  1503. return ERROR_OK;
  1504. }
  1505. /**
  1506. * Restart the core of an ARM7/9 target. A RESTART command is sent to the
  1507. * instruction register and the JTAG state is set to TAP_IDLE causing a core
  1508. * restart.
  1509. *
  1510. * @param target Pointer to the ARM7/9 target to be restarted
  1511. * @return Result of executing the JTAG queue
  1512. */
  1513. int arm7_9_restart_core(struct target *target)
  1514. {
  1515. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  1516. struct arm_jtag *jtag_info = &arm7_9->jtag_info;
  1517. /* set RESTART instruction */
  1518. jtag_set_end_state(TAP_IDLE);
  1519. if (arm7_9->need_bypass_before_restart) {
  1520. arm7_9->need_bypass_before_restart = 0;
  1521. arm_jtag_set_instr(jtag_info, 0xf, NULL);
  1522. }
  1523. arm_jtag_set_instr(jtag_info, 0x4, NULL);
  1524. jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
  1525. return jtag_execute_queue();
  1526. }
  1527. /**
  1528. * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
  1529. * iterated through and are set on the target if they aren't already set.
  1530. *
  1531. * @param target Pointer to the ARM7/9 target to enable watchpoints on
  1532. */
  1533. void arm7_9_enable_watchpoints(struct target *target)
  1534. {
  1535. struct watchpoint *watchpoint = target->watchpoints;
  1536. while (watchpoint)
  1537. {
  1538. if (watchpoint->set == 0)
  1539. arm7_9_set_watchpoint(target, watchpoint);
  1540. watchpoint = watchpoint->next;
  1541. }
  1542. }
  1543. /**
  1544. * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
  1545. * iterated through and are set on the target.
  1546. *
  1547. * @param target Pointer to the ARM7/9 target to enable breakpoints on
  1548. */
  1549. void arm7_9_enable_breakpoints(struct target *target)
  1550. {
  1551. struct breakpoint *breakpoint = target->breakpoints;
  1552. /* set any pending breakpoints */
  1553. while (breakpoint)
  1554. {
  1555. arm7_9_set_breakpoint(target, breakpoint);
  1556. breakpoint = breakpoint->next;
  1557. }
  1558. }
  1559. int arm7_9_resume(struct target *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
  1560. {
  1561. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  1562. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  1563. struct breakpoint *breakpoint = target->breakpoints;
  1564. struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
  1565. int err, retval = ERROR_OK;
  1566. LOG_DEBUG("-");
  1567. if (target->state != TARGET_HALTED)
  1568. {
  1569. LOG_WARNING("target not halted");
  1570. return ERROR_TARGET_NOT_HALTED;
  1571. }
  1572. if (!debug_execution)
  1573. {
  1574. target_free_all_working_areas(target);
  1575. }
  1576. /* current = 1: continue on current pc, otherwise continue at <address> */
  1577. if (!current)
  1578. buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
  1579. uint32_t current_pc;
  1580. current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
  1581. /* the front-end may request us not to handle breakpoints */
  1582. if (handle_breakpoints)
  1583. {
  1584. if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
  1585. {
  1586. LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
  1587. if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
  1588. {
  1589. return retval;
  1590. }
  1591. /* calculate PC of next instruction */
  1592. uint32_t next_pc;
  1593. if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
  1594. {
  1595. uint32_t current_opcode;
  1596. target_read_u32(target, current_pc, &current_opcode);
  1597. LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
  1598. return retval;
  1599. }
  1600. LOG_DEBUG("enable single-step");
  1601. arm7_9->enable_single_step(target, next_pc);
  1602. target->debug_reason = DBG_REASON_SINGLESTEP;
  1603. if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
  1604. {
  1605. return retval;
  1606. }
  1607. if (armv4_5->core_state == ARM_STATE_ARM)
  1608. arm7_9->branch_resume(target);
  1609. else if (armv4_5->core_state == ARM_STATE_THUMB)
  1610. {
  1611. arm7_9->branch_resume_thumb(target);
  1612. }
  1613. else
  1614. {
  1615. LOG_ERROR("unhandled core state");
  1616. return ERROR_FAIL;
  1617. }
  1618. buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
  1619. embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
  1620. err = arm7_9_execute_sys_speed(target);
  1621. LOG_DEBUG("disable single-step");
  1622. arm7_9->disable_single_step(target);
  1623. if (err != ERROR_OK)
  1624. {
  1625. if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
  1626. {
  1627. return retval;
  1628. }
  1629. target->state = TARGET_UNKNOWN;
  1630. return err;
  1631. }
  1632. arm7_9_debug_entry(target);
  1633. LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
  1634. LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
  1635. if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
  1636. {
  1637. return retval;
  1638. }
  1639. }
  1640. }
  1641. /* enable any pending breakpoints and watchpoints */
  1642. arm7_9_enable_breakpoints(target);
  1643. arm7_9_enable_watchpoints(target);
  1644. if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
  1645. {
  1646. return retval;
  1647. }
  1648. if (armv4_5->core_state == ARM_STATE_ARM)
  1649. {
  1650. arm7_9->branch_resume(target);
  1651. }
  1652. else if (armv4_5->core_state == ARM_STATE_THUMB)
  1653. {
  1654. arm7_9->branch_resume_thumb(target);
  1655. }
  1656. else
  1657. {
  1658. LOG_ERROR("unhandled core state");
  1659. return ERROR_FAIL;
  1660. }
  1661. /* deassert DBGACK and INTDIS */
  1662. buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
  1663. /* INTDIS only when we really resume, not during debug execution */
  1664. if (!debug_execution)
  1665. buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
  1666. embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
  1667. if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
  1668. {
  1669. return retval;
  1670. }
  1671. target->debug_reason = DBG_REASON_NOTHALTED;
  1672. if (!debug_execution)
  1673. {
  1674. /* registers are now invalid */
  1675. register_cache_invalidate(armv4_5->core_cache);
  1676. target->state = TARGET_RUNNING;
  1677. if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
  1678. {
  1679. return retval;
  1680. }
  1681. }
  1682. else
  1683. {
  1684. target->state = TARGET_DEBUG_RUNNING;
  1685. if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
  1686. {
  1687. return retval;
  1688. }
  1689. }
  1690. LOG_DEBUG("target resumed");
  1691. return ERROR_OK;
  1692. }
  1693. void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
  1694. {
  1695. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  1696. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  1697. uint32_t current_pc;
  1698. current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
  1699. if (next_pc != current_pc)
  1700. {
  1701. /* setup an inverse breakpoint on the current PC
  1702. * - comparator 1 matches the current address
  1703. * - rangeout from comparator 1 is connected to comparator 0 rangein
  1704. * - comparator 0 matches any address, as long as rangein is low */
  1705. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
  1706. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
  1707. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
  1708. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
  1709. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
  1710. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
  1711. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
  1712. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
  1713. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
  1714. }
  1715. else
  1716. {
  1717. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
  1718. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
  1719. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
  1720. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
  1721. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
  1722. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
  1723. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
  1724. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
  1725. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
  1726. }
  1727. }
  1728. void arm7_9_disable_eice_step(struct target *target)
  1729. {
  1730. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  1731. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
  1732. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
  1733. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
  1734. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
  1735. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
  1736. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
  1737. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
  1738. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
  1739. embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
  1740. }
  1741. int arm7_9_step(struct target *target, int current, uint32_t address, int handle_breakpoints)
  1742. {
  1743. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  1744. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  1745. struct breakpoint *breakpoint = NULL;
  1746. int err, retval;
  1747. if (target->state != TARGET_HALTED)
  1748. {
  1749. LOG_WARNING("target not halted");
  1750. return ERROR_TARGET_NOT_HALTED;
  1751. }
  1752. /* current = 1: continue on current pc, otherwise continue at <address> */
  1753. if (!current)
  1754. buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
  1755. uint32_t current_pc;
  1756. current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
  1757. /* the front-end may request us not to handle breakpoints */
  1758. if (handle_breakpoints)
  1759. if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
  1760. if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
  1761. {
  1762. return retval;
  1763. }
  1764. target->debug_reason = DBG_REASON_SINGLESTEP;
  1765. /* calculate PC of next instruction */
  1766. uint32_t next_pc;
  1767. if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
  1768. {
  1769. uint32_t current_opcode;
  1770. target_read_u32(target, current_pc, &current_opcode);
  1771. LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
  1772. return retval;
  1773. }
  1774. if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
  1775. {
  1776. return retval;
  1777. }
  1778. arm7_9->enable_single_step(target, next_pc);
  1779. if (armv4_5->core_state == ARM_STATE_ARM)
  1780. {
  1781. arm7_9->branch_resume(target);
  1782. }
  1783. else if (armv4_5->core_state == ARM_STATE_THUMB)
  1784. {
  1785. arm7_9->branch_resume_thumb(target);
  1786. }
  1787. else
  1788. {
  1789. LOG_ERROR("unhandled core state");
  1790. return ERROR_FAIL;
  1791. }
  1792. if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
  1793. {
  1794. return retval;
  1795. }
  1796. err = arm7_9_execute_sys_speed(target);
  1797. arm7_9->disable_single_step(target);
  1798. /* registers are now invalid */
  1799. register_cache_invalidate(armv4_5->core_cache);
  1800. if (err != ERROR_OK)
  1801. {
  1802. target->state = TARGET_UNKNOWN;
  1803. } else {
  1804. arm7_9_debug_entry(target);
  1805. if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
  1806. {
  1807. return retval;
  1808. }
  1809. LOG_DEBUG("target stepped");
  1810. }
  1811. if (breakpoint)
  1812. if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
  1813. {
  1814. return retval;
  1815. }
  1816. return err;
  1817. }
  1818. static int arm7_9_read_core_reg(struct target *target, struct reg *r,
  1819. int num, enum arm_mode mode)
  1820. {
  1821. uint32_t* reg_p[16];
  1822. uint32_t value;
  1823. int retval;
  1824. struct arm_reg *areg = r->arch_info;
  1825. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  1826. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  1827. if (!is_arm_mode(armv4_5->core_mode))
  1828. return ERROR_FAIL;
  1829. if ((num < 0) || (num > 16))
  1830. return ERROR_INVALID_ARGUMENTS;
  1831. if ((mode != ARM_MODE_ANY)
  1832. && (mode != armv4_5->core_mode)
  1833. && (areg->mode != ARM_MODE_ANY))
  1834. {
  1835. uint32_t tmp_cpsr;
  1836. /* change processor mode (mask T bit) */
  1837. tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
  1838. tmp_cpsr |= mode;
  1839. tmp_cpsr &= ~0x20;
  1840. arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
  1841. }
  1842. if ((num >= 0) && (num <= 15))
  1843. {
  1844. /* read a normal core register */
  1845. reg_p[num] = &value;
  1846. arm7_9->read_core_regs(target, 1 << num, reg_p);
  1847. }
  1848. else
  1849. {
  1850. /* read a program status register
  1851. * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
  1852. */
  1853. arm7_9->read_xpsr(target, &value, areg->mode != ARM_MODE_ANY);
  1854. }
  1855. if ((retval = jtag_execute_queue()) != ERROR_OK)
  1856. {
  1857. return retval;
  1858. }
  1859. r->valid = 1;
  1860. r->dirty = 0;
  1861. buf_set_u32(r->value, 0, 32, value);
  1862. if ((mode != ARM_MODE_ANY)
  1863. && (mode != armv4_5->core_mode)
  1864. && (areg->mode != ARM_MODE_ANY)) {
  1865. /* restore processor mode (mask T bit) */
  1866. arm7_9->write_xpsr_im8(target,
  1867. buf_get_u32(armv4_5->cpsr->value, 0, 8)
  1868. & ~0x20, 0, 0);
  1869. }
  1870. return ERROR_OK;
  1871. }
  1872. static int arm7_9_write_core_reg(struct target *target, struct reg *r,
  1873. int num, enum arm_mode mode, uint32_t value)
  1874. {
  1875. uint32_t reg[16];
  1876. struct arm_reg *areg = r->arch_info;
  1877. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  1878. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  1879. if (!is_arm_mode(armv4_5->core_mode))
  1880. return ERROR_FAIL;
  1881. if ((num < 0) || (num > 16))
  1882. return ERROR_INVALID_ARGUMENTS;
  1883. if ((mode != ARM_MODE_ANY)
  1884. && (mode != armv4_5->core_mode)
  1885. && (areg->mode != ARM_MODE_ANY)) {
  1886. uint32_t tmp_cpsr;
  1887. /* change processor mode (mask T bit) */
  1888. tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
  1889. tmp_cpsr |= mode;
  1890. tmp_cpsr &= ~0x20;
  1891. arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
  1892. }
  1893. if ((num >= 0) && (num <= 15))
  1894. {
  1895. /* write a normal core register */
  1896. reg[num] = value;
  1897. arm7_9->write_core_regs(target, 1 << num, reg);
  1898. }
  1899. else
  1900. {
  1901. /* write a program status register
  1902. * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
  1903. */
  1904. int spsr = (areg->mode != ARM_MODE_ANY);
  1905. /* if we're writing the CPSR, mask the T bit */
  1906. if (!spsr)
  1907. value &= ~0x20;
  1908. arm7_9->write_xpsr(target, value, spsr);
  1909. }
  1910. r->valid = 1;
  1911. r->dirty = 0;
  1912. if ((mode != ARM_MODE_ANY)
  1913. && (mode != armv4_5->core_mode)
  1914. && (areg->mode != ARM_MODE_ANY)) {
  1915. /* restore processor mode (mask T bit) */
  1916. arm7_9->write_xpsr_im8(target,
  1917. buf_get_u32(armv4_5->cpsr->value, 0, 8)
  1918. & ~0x20, 0, 0);
  1919. }
  1920. return jtag_execute_queue();
  1921. }
  1922. int arm7_9_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
  1923. {
  1924. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  1925. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  1926. uint32_t reg[16];
  1927. uint32_t num_accesses = 0;
  1928. int thisrun_accesses;
  1929. int i;
  1930. uint32_t cpsr;
  1931. int retval;
  1932. int last_reg = 0;
  1933. LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
  1934. if (target->state != TARGET_HALTED)
  1935. {
  1936. LOG_WARNING("target not halted");
  1937. return ERROR_TARGET_NOT_HALTED;
  1938. }
  1939. /* sanitize arguments */
  1940. if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
  1941. return ERROR_INVALID_ARGUMENTS;
  1942. if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
  1943. return ERROR_TARGET_UNALIGNED_ACCESS;
  1944. /* load the base register with the address of the first word */
  1945. reg[0] = address;
  1946. arm7_9->write_core_regs(target, 0x1, reg);
  1947. int j = 0;
  1948. switch (size)
  1949. {
  1950. case 4:
  1951. while (num_accesses < count)
  1952. {
  1953. uint32_t reg_list;
  1954. thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
  1955. reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
  1956. if (last_reg <= thisrun_accesses)
  1957. last_reg = thisrun_accesses;
  1958. arm7_9->load_word_regs(target, reg_list);
  1959. /* fast memory reads are only safe when the target is running
  1960. * from a sufficiently high clock (32 kHz is usually too slow)
  1961. */
  1962. if (arm7_9->fast_memory_access)
  1963. retval = arm7_9_execute_fast_sys_speed(target);
  1964. else
  1965. retval = arm7_9_execute_sys_speed(target);
  1966. if (retval != ERROR_OK)
  1967. return retval;
  1968. arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
  1969. /* advance buffer, count number of accesses */
  1970. buffer += thisrun_accesses * 4;
  1971. num_accesses += thisrun_accesses;
  1972. if ((j++%1024) == 0)
  1973. {
  1974. keep_alive();
  1975. }
  1976. }
  1977. break;
  1978. case 2:
  1979. while (num_accesses < count)
  1980. {
  1981. uint32_t reg_list;
  1982. thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
  1983. reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
  1984. for (i = 1; i <= thisrun_accesses; i++)
  1985. {
  1986. if (i > last_reg)
  1987. last_reg = i;
  1988. arm7_9->load_hword_reg(target, i);
  1989. /* fast memory reads are only safe when the target is running
  1990. * from a sufficiently high clock (32 kHz is usually too slow)
  1991. */
  1992. if (arm7_9->fast_memory_access)
  1993. retval = arm7_9_execute_fast_sys_speed(target);
  1994. else
  1995. retval = arm7_9_execute_sys_speed(target);
  1996. if (retval != ERROR_OK)
  1997. {
  1998. return retval;
  1999. }
  2000. }
  2001. arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
  2002. /* advance buffer, count number of accesses */
  2003. buffer += thisrun_accesses * 2;
  2004. num_accesses += thisrun_accesses;
  2005. if ((j++%1024) == 0)
  2006. {
  2007. keep_alive();
  2008. }
  2009. }
  2010. break;
  2011. case 1:
  2012. while (num_accesses < count)
  2013. {
  2014. uint32_t reg_list;
  2015. thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
  2016. reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
  2017. for (i = 1; i <= thisrun_accesses; i++)
  2018. {
  2019. if (i > last_reg)
  2020. last_reg = i;
  2021. arm7_9->load_byte_reg(target, i);
  2022. /* fast memory reads are only safe when the target is running
  2023. * from a sufficiently high clock (32 kHz is usually too slow)
  2024. */
  2025. if (arm7_9->fast_memory_access)
  2026. retval = arm7_9_execute_fast_sys_speed(target);
  2027. else
  2028. retval = arm7_9_execute_sys_speed(target);
  2029. if (retval != ERROR_OK)
  2030. {
  2031. return retval;
  2032. }
  2033. }
  2034. arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
  2035. /* advance buffer, count number of accesses */
  2036. buffer += thisrun_accesses * 1;
  2037. num_accesses += thisrun_accesses;
  2038. if ((j++%1024) == 0)
  2039. {
  2040. keep_alive();
  2041. }
  2042. }
  2043. break;
  2044. }
  2045. if (!is_arm_mode(armv4_5->core_mode))
  2046. return ERROR_FAIL;
  2047. for (i = 0; i <= last_reg; i++) {
  2048. struct reg *r = arm_reg_current(armv4_5, i);
  2049. r->dirty = r->valid;
  2050. }
  2051. arm7_9->read_xpsr(target, &cpsr, 0);
  2052. if ((retval = jtag_execute_queue()) != ERROR_OK)
  2053. {
  2054. LOG_ERROR("JTAG error while reading cpsr");
  2055. return ERROR_TARGET_DATA_ABORT;
  2056. }
  2057. if (((cpsr & 0x1f) == ARM_MODE_ABT) && (armv4_5->core_mode != ARM_MODE_ABT))
  2058. {
  2059. LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
  2060. arm7_9->write_xpsr_im8(target,
  2061. buf_get_u32(armv4_5->cpsr->value, 0, 8)
  2062. & ~0x20, 0, 0);
  2063. return ERROR_TARGET_DATA_ABORT;
  2064. }
  2065. return ERROR_OK;
  2066. }
  2067. int arm7_9_write_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
  2068. {
  2069. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  2070. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  2071. struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
  2072. uint32_t reg[16];
  2073. uint32_t num_accesses = 0;
  2074. int thisrun_accesses;
  2075. int i;
  2076. uint32_t cpsr;
  2077. int retval;
  2078. int last_reg = 0;
  2079. #ifdef _DEBUG_ARM7_9_
  2080. LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
  2081. #endif
  2082. if (target->state != TARGET_HALTED)
  2083. {
  2084. LOG_WARNING("target not halted");
  2085. return ERROR_TARGET_NOT_HALTED;
  2086. }
  2087. /* sanitize arguments */
  2088. if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
  2089. return ERROR_INVALID_ARGUMENTS;
  2090. if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
  2091. return ERROR_TARGET_UNALIGNED_ACCESS;
  2092. /* load the base register with the address of the first word */
  2093. reg[0] = address;
  2094. arm7_9->write_core_regs(target, 0x1, reg);
  2095. /* Clear DBGACK, to make sure memory fetches work as expected */
  2096. buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
  2097. embeddedice_store_reg(dbg_ctrl);
  2098. switch (size)
  2099. {
  2100. case 4:
  2101. while (num_accesses < count)
  2102. {
  2103. uint32_t reg_list;
  2104. thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
  2105. reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
  2106. for (i = 1; i <= thisrun_accesses; i++)
  2107. {
  2108. if (i > last_reg)
  2109. last_reg = i;
  2110. reg[i] = target_buffer_get_u32(target, buffer);
  2111. buffer += 4;
  2112. }
  2113. arm7_9->write_core_regs(target, reg_list, reg);
  2114. arm7_9->store_word_regs(target, reg_list);
  2115. /* fast memory writes are only safe when the target is running
  2116. * from a sufficiently high clock (32 kHz is usually too slow)
  2117. */
  2118. if (arm7_9->fast_memory_access)
  2119. retval = arm7_9_execute_fast_sys_speed(target);
  2120. else
  2121. retval = arm7_9_execute_sys_speed(target);
  2122. if (retval != ERROR_OK)
  2123. {
  2124. return retval;
  2125. }
  2126. num_accesses += thisrun_accesses;
  2127. }
  2128. break;
  2129. case 2:
  2130. while (num_accesses < count)
  2131. {
  2132. uint32_t reg_list;
  2133. thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
  2134. reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
  2135. for (i = 1; i <= thisrun_accesses; i++)
  2136. {
  2137. if (i > last_reg)
  2138. last_reg = i;
  2139. reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
  2140. buffer += 2;
  2141. }
  2142. arm7_9->write_core_regs(target, reg_list, reg);
  2143. for (i = 1; i <= thisrun_accesses; i++)
  2144. {
  2145. arm7_9->store_hword_reg(target, i);
  2146. /* fast memory writes are only safe when the target is running
  2147. * from a sufficiently high clock (32 kHz is usually too slow)
  2148. */
  2149. if (arm7_9->fast_memory_access)
  2150. retval = arm7_9_execute_fast_sys_speed(target);
  2151. else
  2152. retval = arm7_9_execute_sys_speed(target);
  2153. if (retval != ERROR_OK)
  2154. {
  2155. return retval;
  2156. }
  2157. }
  2158. num_accesses += thisrun_accesses;
  2159. }
  2160. break;
  2161. case 1:
  2162. while (num_accesses < count)
  2163. {
  2164. uint32_t reg_list;
  2165. thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
  2166. reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
  2167. for (i = 1; i <= thisrun_accesses; i++)
  2168. {
  2169. if (i > last_reg)
  2170. last_reg = i;
  2171. reg[i] = *buffer++ & 0xff;
  2172. }
  2173. arm7_9->write_core_regs(target, reg_list, reg);
  2174. for (i = 1; i <= thisrun_accesses; i++)
  2175. {
  2176. arm7_9->store_byte_reg(target, i);
  2177. /* fast memory writes are only safe when the target is running
  2178. * from a sufficiently high clock (32 kHz is usually too slow)
  2179. */
  2180. if (arm7_9->fast_memory_access)
  2181. retval = arm7_9_execute_fast_sys_speed(target);
  2182. else
  2183. retval = arm7_9_execute_sys_speed(target);
  2184. if (retval != ERROR_OK)
  2185. {
  2186. return retval;
  2187. }
  2188. }
  2189. num_accesses += thisrun_accesses;
  2190. }
  2191. break;
  2192. }
  2193. /* Re-Set DBGACK */
  2194. buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
  2195. embeddedice_store_reg(dbg_ctrl);
  2196. if (!is_arm_mode(armv4_5->core_mode))
  2197. return ERROR_FAIL;
  2198. for (i = 0; i <= last_reg; i++) {
  2199. struct reg *r = arm_reg_current(armv4_5, i);
  2200. r->dirty = r->valid;
  2201. }
  2202. arm7_9->read_xpsr(target, &cpsr, 0);
  2203. if ((retval = jtag_execute_queue()) != ERROR_OK)
  2204. {
  2205. LOG_ERROR("JTAG error while reading cpsr");
  2206. return ERROR_TARGET_DATA_ABORT;
  2207. }
  2208. if (((cpsr & 0x1f) == ARM_MODE_ABT) && (armv4_5->core_mode != ARM_MODE_ABT))
  2209. {
  2210. LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
  2211. arm7_9->write_xpsr_im8(target,
  2212. buf_get_u32(armv4_5->cpsr->value, 0, 8)
  2213. & ~0x20, 0, 0);
  2214. return ERROR_TARGET_DATA_ABORT;
  2215. }
  2216. return ERROR_OK;
  2217. }
  2218. static int dcc_count;
  2219. static uint8_t *dcc_buffer;
  2220. static int arm7_9_dcc_completion(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info)
  2221. {
  2222. int retval = ERROR_OK;
  2223. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  2224. if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
  2225. return retval;
  2226. int little = target->endianness == TARGET_LITTLE_ENDIAN;
  2227. int count = dcc_count;
  2228. uint8_t *buffer = dcc_buffer;
  2229. if (count > 2)
  2230. {
  2231. /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
  2232. * core function repeated. */
  2233. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
  2234. buffer += 4;
  2235. struct embeddedice_reg *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
  2236. uint8_t reg_addr = ice_reg->addr & 0x1f;
  2237. struct jtag_tap *tap;
  2238. tap = ice_reg->jtag_info->tap;
  2239. embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
  2240. buffer += (count-2)*4;
  2241. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
  2242. } else
  2243. {
  2244. int i;
  2245. for (i = 0; i < count; i++)
  2246. {
  2247. embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
  2248. buffer += 4;
  2249. }
  2250. }
  2251. if ((retval = target_halt(target))!= ERROR_OK)
  2252. {
  2253. return retval;
  2254. }
  2255. return target_wait_state(target, TARGET_HALTED, 500);
  2256. }
  2257. static const uint32_t dcc_code[] =
  2258. {
  2259. /* r0 == input, points to memory buffer
  2260. * r1 == scratch
  2261. */
  2262. /* spin until DCC control (c0) reports data arrived */
  2263. 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
  2264. 0xe3110001, /* tst r1, #1 */
  2265. 0x0afffffc, /* bne w */
  2266. /* read word from DCC (c1), write to memory */
  2267. 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
  2268. 0xe4801004, /* str r1, [r0], #4 */
  2269. /* repeat */
  2270. 0xeafffff9 /* b w */
  2271. };
  2272. int arm7_9_bulk_write_memory(struct target *target, uint32_t address, uint32_t count, uint8_t *buffer)
  2273. {
  2274. int retval;
  2275. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  2276. int i;
  2277. if (!arm7_9->dcc_downloads)
  2278. return target_write_memory(target, address, 4, count, buffer);
  2279. /* regrab previously allocated working_area, or allocate a new one */
  2280. if (!arm7_9->dcc_working_area)
  2281. {
  2282. uint8_t dcc_code_buf[6 * 4];
  2283. /* make sure we have a working area */
  2284. if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
  2285. {
  2286. LOG_INFO("no working area available, falling back to memory writes");
  2287. return target_write_memory(target, address, 4, count, buffer);
  2288. }
  2289. /* copy target instructions to target endianness */
  2290. for (i = 0; i < 6; i++)
  2291. {
  2292. target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
  2293. }
  2294. /* write DCC code to working area */
  2295. if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
  2296. {
  2297. return retval;
  2298. }
  2299. }
  2300. struct arm_algorithm armv4_5_info;
  2301. struct reg_param reg_params[1];
  2302. armv4_5_info.common_magic = ARM_COMMON_MAGIC;
  2303. armv4_5_info.core_mode = ARM_MODE_SVC;
  2304. armv4_5_info.core_state = ARM_STATE_ARM;
  2305. init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
  2306. buf_set_u32(reg_params[0].value, 0, 32, address);
  2307. dcc_count = count;
  2308. dcc_buffer = buffer;
  2309. retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
  2310. arm7_9->dcc_working_area->address,
  2311. arm7_9->dcc_working_area->address + 6*4,
  2312. 20*1000, &armv4_5_info, arm7_9_dcc_completion);
  2313. if (retval == ERROR_OK)
  2314. {
  2315. uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
  2316. if (endaddress != (address + count*4))
  2317. {
  2318. LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
  2319. retval = ERROR_FAIL;
  2320. }
  2321. }
  2322. destroy_reg_param(&reg_params[0]);
  2323. return retval;
  2324. }
  2325. /**
  2326. * Perform per-target setup that requires JTAG access.
  2327. */
  2328. int arm7_9_examine(struct target *target)
  2329. {
  2330. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  2331. int retval;
  2332. if (!target_was_examined(target)) {
  2333. struct reg_cache *t, **cache_p;
  2334. t = embeddedice_build_reg_cache(target, arm7_9);
  2335. if (t == NULL)
  2336. return ERROR_FAIL;
  2337. cache_p = register_get_last_cache_p(&target->reg_cache);
  2338. (*cache_p) = t;
  2339. arm7_9->eice_cache = (*cache_p);
  2340. if (arm7_9->armv4_5_common.etm)
  2341. (*cache_p)->next = etm_build_reg_cache(target,
  2342. &arm7_9->jtag_info,
  2343. arm7_9->armv4_5_common.etm);
  2344. target_set_examined(target);
  2345. }
  2346. retval = embeddedice_setup(target);
  2347. if (retval == ERROR_OK)
  2348. retval = arm7_9_setup(target);
  2349. if (retval == ERROR_OK && arm7_9->armv4_5_common.etm)
  2350. retval = etm_setup(target);
  2351. return retval;
  2352. }
  2353. COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
  2354. {
  2355. struct target *target = get_current_target(CMD_CTX);
  2356. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  2357. if (!is_arm7_9(arm7_9))
  2358. {
  2359. command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
  2360. return ERROR_TARGET_INVALID;
  2361. }
  2362. if (CMD_ARGC > 0)
  2363. COMMAND_PARSE_ENABLE(CMD_ARGV[0],arm7_9->use_dbgrq);
  2364. command_print(CMD_CTX, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
  2365. return ERROR_OK;
  2366. }
  2367. COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
  2368. {
  2369. struct target *target = get_current_target(CMD_CTX);
  2370. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  2371. if (!is_arm7_9(arm7_9))
  2372. {
  2373. command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
  2374. return ERROR_TARGET_INVALID;
  2375. }
  2376. if (CMD_ARGC > 0)
  2377. COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->fast_memory_access);
  2378. command_print(CMD_CTX, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
  2379. return ERROR_OK;
  2380. }
  2381. COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
  2382. {
  2383. struct target *target = get_current_target(CMD_CTX);
  2384. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  2385. if (!is_arm7_9(arm7_9))
  2386. {
  2387. command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
  2388. return ERROR_TARGET_INVALID;
  2389. }
  2390. if (CMD_ARGC > 0)
  2391. COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->dcc_downloads);
  2392. command_print(CMD_CTX, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
  2393. return ERROR_OK;
  2394. }
  2395. COMMAND_HANDLER(handle_arm7_9_semihosting_command)
  2396. {
  2397. struct target *target = get_current_target(CMD_CTX);
  2398. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  2399. if (!is_arm7_9(arm7_9))
  2400. {
  2401. command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
  2402. return ERROR_TARGET_INVALID;
  2403. }
  2404. if (CMD_ARGC > 0)
  2405. {
  2406. int semihosting;
  2407. COMMAND_PARSE_ENABLE(CMD_ARGV[0], semihosting);
  2408. if (!target_was_examined(target))
  2409. {
  2410. LOG_ERROR("Target not examined yet");
  2411. return ERROR_FAIL;
  2412. }
  2413. if (arm7_9->has_vector_catch) {
  2414. struct reg *vector_catch = &arm7_9->eice_cache
  2415. ->reg_list[EICE_VEC_CATCH];
  2416. if (!vector_catch->valid)
  2417. embeddedice_read_reg(vector_catch);
  2418. buf_set_u32(vector_catch->value, 2, 1, semihosting);
  2419. embeddedice_store_reg(vector_catch);
  2420. } else {
  2421. /* TODO: allow optional high vectors and/or BKPT_HARD */
  2422. if (semihosting)
  2423. breakpoint_add(target, 8, 4, BKPT_SOFT);
  2424. else
  2425. breakpoint_remove(target, 8);
  2426. }
  2427. /* FIXME never let that "catch" be dropped! */
  2428. arm7_9->armv4_5_common.is_semihosting = semihosting;
  2429. }
  2430. command_print(CMD_CTX, "semihosting is %s",
  2431. arm7_9->armv4_5_common.is_semihosting
  2432. ? "enabled" : "disabled");
  2433. return ERROR_OK;
  2434. }
  2435. int arm7_9_init_arch_info(struct target *target, struct arm7_9_common *arm7_9)
  2436. {
  2437. int retval = ERROR_OK;
  2438. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  2439. arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
  2440. if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
  2441. return retval;
  2442. /* caller must have allocated via calloc(), so everything's zeroed */
  2443. arm7_9->wp_available_max = 2;
  2444. arm7_9->fast_memory_access = false;
  2445. arm7_9->dcc_downloads = false;
  2446. armv4_5->arch_info = arm7_9;
  2447. armv4_5->read_core_reg = arm7_9_read_core_reg;
  2448. armv4_5->write_core_reg = arm7_9_write_core_reg;
  2449. armv4_5->full_context = arm7_9_full_context;
  2450. retval = arm_init_arch_info(target, armv4_5);
  2451. if (retval != ERROR_OK)
  2452. return retval;
  2453. return target_register_timer_callback(arm7_9_handle_target_request,
  2454. 1, 1, target);
  2455. }
  2456. static const struct command_registration arm7_9_any_command_handlers[] = {
  2457. {
  2458. "dbgrq",
  2459. .handler = handle_arm7_9_dbgrq_command,
  2460. .mode = COMMAND_ANY,
  2461. .usage = "['enable'|'disable']",
  2462. .help = "use EmbeddedICE dbgrq instead of breakpoint "
  2463. "for target halt requests",
  2464. },
  2465. {
  2466. "fast_memory_access",
  2467. .handler = handle_arm7_9_fast_memory_access_command,
  2468. .mode = COMMAND_ANY,
  2469. .usage = "['enable'|'disable']",
  2470. .help = "use fast memory accesses instead of slower "
  2471. "but potentially safer accesses",
  2472. },
  2473. {
  2474. "dcc_downloads",
  2475. .handler = handle_arm7_9_dcc_downloads_command,
  2476. .mode = COMMAND_ANY,
  2477. .usage = "['enable'|'disable']",
  2478. .help = "use DCC downloads for larger memory writes",
  2479. },
  2480. {
  2481. "semihosting",
  2482. .handler = handle_arm7_9_semihosting_command,
  2483. .mode = COMMAND_EXEC,
  2484. .usage = "['enable'|'disable']",
  2485. .help = "activate support for semihosting operations",
  2486. },
  2487. COMMAND_REGISTRATION_DONE
  2488. };
  2489. const struct command_registration arm7_9_command_handlers[] = {
  2490. {
  2491. .chain = arm_command_handlers,
  2492. },
  2493. {
  2494. .chain = etm_command_handlers,
  2495. },
  2496. {
  2497. .name = "arm7_9",
  2498. .mode = COMMAND_ANY,
  2499. .help = "arm7/9 specific commands",
  2500. .chain = arm7_9_any_command_handlers,
  2501. },
  2502. COMMAND_REGISTRATION_DONE
  2503. };